From 63775bf0368919d4f0ef403abd3293650f46fb47 Mon Sep 17 00:00:00 2001 From: Ryan Parman Date: Sun, 19 Nov 2023 17:55:51 -0800 Subject: [PATCH] build: Replaced much of Licensei with Trivy for licenses. (#66) * WIP * Replaced much of Licensei with Trivy for licenses. * lint: Ran consistency scan and fixed stuff. --- .licensei.cache | 39 +- .licensei.toml | 11 - .licenses.cache.json | 1257 +++++++++++++++++ .pre-commit-config.yaml | 14 + Makefile | 17 +- .../env_ensure_data_source_test.go | 2 +- .../str_camel_data_source_test.go | 2 +- .../str_constant_data_source_test.go | 2 +- .../str_iterative_replace_data_source_test.go | 2 +- .../str_kebab_data_source_test.go | 2 +- .../str_pascal_data_source_test.go | 2 +- .../str_snake_data_source_test.go | 2 +- .../truncate_label_data_source_test.go | 4 +- trivy-license.yaml | 197 +++ trivy-vuln.yaml | 58 + 15 files changed, 1563 insertions(+), 48 deletions(-) create mode 100644 .licenses.cache.json create mode 100644 trivy-license.yaml create mode 100644 trivy-vuln.yaml diff --git a/.licensei.cache b/.licensei.cache index 2118dd93..97d918d0 100644 --- a/.licensei.cache +++ b/.licensei.cache @@ -3,7 +3,7 @@ confidence = 1.0 license = "MIT" name = "github.com/xo/terminfo" - revision = "v0.0.0-20220910002029-abceb7e1c41e" + revision = "v0.0.0-20210125001918-ca9a967f8778" type = "gomod" [[dependencies]] @@ -17,7 +17,7 @@ confidence = 1.0 license = "BSD-2-Clause" name = "github.com/vmihailenco/msgpack/v5" - revision = "v5.3.5" + revision = "v5.4.1" type = "gomod" [[dependencies]] 
@@ -31,28 +31,28 @@ confidence = 1.0 license = "MPL-2.0" name = "github.com/hashicorp/terraform-plugin-go" - revision = "v0.19.0" + revision = "v0.19.1" type = "gomod" [[dependencies]] confidence = 1.0 license = "MPL-2.0" name = "github.com/hashicorp/terraform-plugin-framework" - revision = "v1.4.0" + revision = "v1.4.2" type = "gomod" [[dependencies]] confidence = 1.0 license = "BSD-3-Clause" name = "golang.org/x/sys" - revision = "v0.12.0" + revision = "v0.14.0" type = "gomod" [[dependencies]] confidence = 1.0 license = "MIT" name = "github.com/mattn/go-isatty" - revision = "v0.0.19" + revision = "v0.0.17" type = "gomod" [[dependencies]] @@ -66,7 +66,7 @@ confidence = 1.0 license = "MIT" name = "github.com/fatih/color" - revision = "v1.15.0" + revision = "v1.14.1" type = "gomod" [[dependencies]] @@ -108,49 +108,49 @@ confidence = 1.0 license = "MPL-2.0" name = "github.com/hashicorp/go-plugin" - revision = "v1.5.1" + revision = "v1.5.2" type = "gomod" [[dependencies]] confidence = 1.0 license = "BSD-3-Clause" name = "golang.org/x/net" - revision = "v0.15.0" + revision = "v0.17.0" type = "gomod" [[dependencies]] confidence = 1.0 license = "Apache-2.0" name = "google.golang.org/grpc" - revision = "v1.58.0" + revision = "v1.59.0" type = "gomod" [[dependencies]] confidence = 1.0 license = "Apache-2.0" name = "google.golang.org/genproto/googleapis/rpc" - revision = "v0.0.0-20230913181813-007df8e322eb" + revision = "v0.0.0-20230822172742-b8732ec3820d" type = "gomod" [[dependencies]] confidence = 1.0 license = "BSD-3-Clause" name = "golang.org/x/text" - revision = "v0.13.0" + revision = "v0.14.0" type = "gomod" [[dependencies]] confidence = 1.0 license = "MPL-2.0" name = "github.com/hashicorp/yamux" - revision = "v0.1.1" + revision = "v0.0.0-20181012175058-2f1d1f20f75d" type = "gomod" [[dependencies]] confidence = 1.0 license = "Apache-2.0" name = "github.com/oklog/run" - revision = "v1.1.0" + revision = "v1.0.0" type = "gomod" [[dependencies]] 
@@ -171,7 +171,7 @@ confidence = 1.0 license = "MPL-2.0" name = "github.com/hashicorp/terraform-registry-address" - revision = "v0.2.2" + revision = "v0.2.3" type = "gomod" [[dependencies]] @@ -195,6 +195,13 @@ revision = "v0.0.0-20230302161720-ec685e2f274a" type = "gomod" +[[dependencies]] + confidence = 1.0 + license = "MIT" + name = "github.com/chanced/caps" + revision = "v1.0.1" + type = "gomod" + [[dependencies]] confidence = 1.0 license = "MPL-2.0" @@ -220,5 +227,5 @@ confidence = 1.0 license = "Apache-2.0" name = "github.com/spf13/cobra" - revision = "v1.7.0" + revision = "v1.8.0" type = "gomod" diff --git a/.licensei.toml b/.licensei.toml index 90ec72e6..3890c220 100644 --- a/.licensei.toml +++ b/.licensei.toml @@ -1,14 +1,3 @@ -approved = [ - 'apache-2.0', - 'bsd-2-clause', - 'bsd-3-clause', - 'isc', - 'mpl-2.0', - 'mit', -] - -ignored = ['google.golang.org/protobuf'] - [header] template = """// Copyright 2023, Ryan Parman // diff --git a/.licenses.cache.json b/.licenses.cache.json new file mode 100644 index 00000000..d1fa15d6 --- /dev/null +++ b/.licenses.cache.json 
@@ -0,0 +1,1257 @@ +{ + "SchemaVersion": 2, + "ArtifactName": ".", + "ArtifactType": "filesystem", + "Metadata": { + "ImageConfig": { + "architecture": "", + "created": "0001-01-01T00:00:00Z", + "os": "", + "rootfs": { + "type": "", + "diff_ids": null + }, + "config": {} + } + }, + "Results": [ + { + "Target": "go.mod", + "Class": "lang-pkgs", + "Type": "gomod", + "Packages": [ + { + "ID": "github.com/Masterminds/goutils@v1.1.1", + "Name": "github.com/Masterminds/goutils", + "Version": "1.1.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/Masterminds/semver/v3@v3.1.1", + "Name": "github.com/Masterminds/semver/v3", + "Version": "3.1.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/Masterminds/sprig/v3@v3.2.2", + "Name": "github.com/Masterminds/sprig/v3", + "Version": "3.2.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "DependsOn": [ + "github.com/google/uuid@v1.3.1", + "github.com/huandu/xstrings@v1.3.2", + "github.com/imdario/mergo@v0.3.15", + "github.com/mitchellh/copystructure@v1.2.0", + "github.com/stretchr/testify@v1.8.4", + "github.com/Masterminds/goutils@v1.1.1", + "github.com/Masterminds/semver/v3@v3.1.1", + "golang.org/x/crypto@v0.15.0", + "github.com/shopspring/decimal@v1.3.1", + "github.com/spf13/cast@v1.5.0" + ], + "Layer": {} + }, + { + "ID": "github.com/ProtonMail/go-crypto@v0.0.0-20230828082145-3c4c8a2d2371", + "Name": "github.com/ProtonMail/go-crypto", + "Version": "0.0.0-20230828082145-3c4c8a2d2371", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "DependsOn": [ + "github.com/cloudflare/circl@v1.3.3", + "golang.org/x/crypto@v0.15.0" + ], + "Layer": {} + }, + { + "ID": "github.com/agext/levenshtein@v1.2.2", + "Name": "github.com/agext/levenshtein", + "Version": "1.2.2", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/apparentlymart/go-textseg/v15@v15.0.0", + "Name": 
"github.com/apparentlymart/go-textseg/v15", + "Version": "15.0.0", + "Licenses": [ + "Apache-2.0", + "MIT", + "Unicode-DFS-2016" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/armon/go-radix@v1.0.0", + "Name": "github.com/armon/go-radix", + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/bgentry/speakeasy@v0.1.0", + "Name": "github.com/bgentry/speakeasy", + "Version": "0.1.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/chanced/caps@v1.0.1", + "Name": "github.com/chanced/caps", + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": {} + }, + { + "ID": "github.com/cloudflare/circl@v1.3.3", + "Name": "github.com/cloudflare/circl", + "Version": "1.3.3", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "DependsOn": [ + "golang.org/x/crypto@v0.15.0", + "golang.org/x/sys@v0.14.0" + ], + "Layer": {} + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.1", + "Name": "github.com/davecgh/go-spew", + "Version": "1.1.1", + "Licenses": [ + "ISC" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/fatih/color@v1.14.1", + "Name": "github.com/fatih/color", + "Version": "1.14.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "DependsOn": [ + "github.com/mattn/go-colorable@v0.1.13", + "github.com/mattn/go-isatty@v0.0.17" + ], + "Layer": {} + }, + { + "ID": "github.com/golang/protobuf@v1.5.3", + "Name": "github.com/golang/protobuf", + "Version": "1.5.3", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "DependsOn": [ + "google.golang.org/protobuf@v1.31.0", + "github.com/google/go-cmp@v0.6.0" + ], + "Layer": {} + }, + { + "ID": "github.com/google/go-cmp@v0.6.0", + "Name": "github.com/google/go-cmp", + "Version": "0.6.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Layer": {} + }, + { + "ID": "github.com/google/uuid@v1.3.1", + "Name": "github.com/google/uuid", + "Version": "1.3.1", + "Licenses": [ + 
"BSD-3-Clause" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/gookit/color@v1.5.4", + "Name": "github.com/gookit/color", + "Version": "1.5.4", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "golang.org/x/sys@v0.14.0", + "github.com/stretchr/testify@v1.8.4", + "github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778" + ], + "Layer": {} + }, + { + "ID": "github.com/gtramontina/ooze@v0.2.0", + "Name": "github.com/gtramontina/ooze", + "Version": "0.2.0", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "github.com/hexops/gotextdiff@v1.0.3", + "github.com/stretchr/testify@v1.8.4", + "github.com/fatih/color@v1.14.1" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/errwrap@v1.1.0", + "Name": "github.com/hashicorp/errwrap", + "Version": "1.1.0", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/hashicorp/go-checkpoint@v0.5.0", + "Name": "github.com/hashicorp/go-checkpoint", + "Version": "0.5.0", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "DependsOn": [ + "github.com/hashicorp/go-uuid@v1.0.3", + "github.com/hashicorp/go-cleanhttp@v0.5.2" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/go-cleanhttp@v0.5.2", + "Name": "github.com/hashicorp/go-cleanhttp", + "Version": "0.5.2", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/hashicorp/go-cty@v1.4.1-0.20200414143053-d3edf31b6320", + "Name": "github.com/hashicorp/go-cty", + "Version": "1.4.1-0.20200414143053-d3edf31b6320", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "DependsOn": [ + "github.com/google/go-cmp@v0.6.0", + "github.com/vmihailenco/msgpack@v4.0.4+incompatible", + "golang.org/x/text@v0.14.0" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/go-hclog@v1.5.0", + "Name": "github.com/hashicorp/go-hclog", + "Version": "1.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "DependsOn": [ + "github.com/fatih/color@v1.14.1", + 
"github.com/mattn/go-colorable@v0.1.13", + "github.com/mattn/go-isatty@v0.0.17", + "github.com/stretchr/testify@v1.8.4" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/go-multierror@v1.1.1", + "Name": "github.com/hashicorp/go-multierror", + "Version": "1.1.1", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "DependsOn": [ + "github.com/hashicorp/errwrap@v1.1.0" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/go-plugin@v1.5.2", + "Name": "github.com/hashicorp/go-plugin", + "Version": "1.5.2", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "DependsOn": [ + "github.com/golang/protobuf@v1.5.3", + "github.com/hashicorp/yamux@v0.0.0-20181012175058-2f1d1f20f75d", + "github.com/oklog/run@v1.0.0", + "google.golang.org/grpc@v1.59.0", + "github.com/hashicorp/go-hclog@v1.5.0", + "github.com/mitchellh/go-testing-interface@v1.14.1" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/go-uuid@v1.0.3", + "Name": "github.com/hashicorp/go-uuid", + "Version": "1.0.3", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/hashicorp/go-version@v1.6.0", + "Name": "github.com/hashicorp/go-version", + "Version": "1.6.0", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/hashicorp/hc-install@v0.6.1", + "Name": "github.com/hashicorp/hc-install", + "Version": "0.6.1", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "DependsOn": [ + "github.com/google/go-cmp@v0.6.0", + "github.com/hashicorp/logutils@v1.0.0", + "github.com/hashicorp/go-multierror@v1.1.1", + "github.com/hashicorp/go-checkpoint@v0.5.0", + "github.com/hashicorp/go-version@v1.6.0", + "golang.org/x/mod@v0.13.0", + "github.com/mitchellh/cli@v1.1.5", + "github.com/ProtonMail/go-crypto@v0.0.0-20230828082145-3c4c8a2d2371", + "github.com/hashicorp/go-cleanhttp@v0.5.2" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/hcl/v2@v2.19.1", + "Name": "github.com/hashicorp/hcl/v2", + "Version": "2.19.1", 
+ "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "DependsOn": [ + "github.com/mitchellh/go-wordwrap@v1.0.0", + "github.com/agext/levenshtein@v1.2.2", + "github.com/davecgh/go-spew@v1.1.1", + "github.com/apparentlymart/go-textseg/v15@v15.0.0", + "golang.org/x/crypto@v0.15.0", + "github.com/spf13/pflag@v1.0.5", + "github.com/zclconf/go-cty@v1.14.1", + "github.com/google/go-cmp@v0.6.0" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/logutils@v1.0.0", + "Name": "github.com/hashicorp/logutils", + "Version": "1.0.0", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/hashicorp/terraform-exec@v0.19.0", + "Name": "github.com/hashicorp/terraform-exec", + "Version": "0.19.0", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "DependsOn": [ + "github.com/hashicorp/terraform-json@v0.17.1", + "github.com/hashicorp/hc-install@v0.6.1", + "github.com/google/go-cmp@v0.6.0", + "github.com/zclconf/go-cty@v1.14.1", + "github.com/hashicorp/go-version@v1.6.0" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/terraform-json@v0.17.1", + "Name": "github.com/hashicorp/terraform-json", + "Version": "0.17.1", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "DependsOn": [ + "github.com/google/go-cmp@v0.6.0", + "github.com/hashicorp/go-version@v1.6.0", + "github.com/mitchellh/copystructure@v1.2.0", + "github.com/zclconf/go-cty@v1.14.1", + "github.com/davecgh/go-spew@v1.1.1" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/terraform-plugin-docs@v0.16.0", + "Name": "github.com/hashicorp/terraform-plugin-docs", + "Version": "0.16.0", + "Licenses": [ + "MPL-2.0" + ], + "DependsOn": [ + "golang.org/x/text@v0.14.0", + "github.com/hashicorp/hc-install@v0.6.1", + "github.com/mitchellh/cli@v1.1.5", + "golang.org/x/exp@v0.0.0-20230626212559-97b1e661b5df", + "github.com/hashicorp/terraform-exec@v0.19.0", + "github.com/mattn/go-colorable@v0.1.13", + "github.com/russross/blackfriday@v1.6.0", + 
"github.com/google/go-cmp@v0.6.0", + "github.com/hashicorp/terraform-json@v0.17.1", + "github.com/zclconf/go-cty@v1.14.1", + "github.com/hashicorp/go-version@v1.6.0" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/terraform-plugin-framework@v1.4.2", + "Name": "github.com/hashicorp/terraform-plugin-framework", + "Version": "1.4.2", + "Licenses": [ + "MPL-2.0" + ], + "DependsOn": [ + "github.com/google/go-cmp@v0.6.0", + "github.com/hashicorp/terraform-plugin-go@v0.19.1", + "github.com/hashicorp/terraform-plugin-log@v0.9.0" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/terraform-plugin-framework-validators@v0.12.0", + "Name": "github.com/hashicorp/terraform-plugin-framework-validators", + "Version": "0.12.0", + "Licenses": [ + "MPL-2.0" + ], + "DependsOn": [ + "github.com/hashicorp/terraform-plugin-go@v0.19.1", + "github.com/google/go-cmp@v0.6.0", + "github.com/hashicorp/terraform-plugin-framework@v1.4.2" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/terraform-plugin-go@v0.19.1", + "Name": "github.com/hashicorp/terraform-plugin-go", + "Version": "0.19.1", + "Licenses": [ + "MPL-2.0" + ], + "DependsOn": [ + "github.com/hashicorp/terraform-registry-address@v0.2.3", + "github.com/mitchellh/go-testing-interface@v1.14.1", + "github.com/hashicorp/go-hclog@v1.5.0", + "github.com/vmihailenco/msgpack/v5@v5.4.1", + "github.com/google/go-cmp@v0.6.0", + "github.com/hashicorp/go-plugin@v1.5.2", + "github.com/hashicorp/go-uuid@v1.0.3", + "github.com/hashicorp/terraform-plugin-log@v0.9.0", + "google.golang.org/grpc@v1.59.0", + "google.golang.org/protobuf@v1.31.0" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/terraform-plugin-log@v0.9.0", + "Name": "github.com/hashicorp/terraform-plugin-log", + "Version": "0.9.0", + "Licenses": [ + "MPL-2.0" + ], + "DependsOn": [ + "github.com/google/go-cmp@v0.6.0", + "github.com/hashicorp/go-hclog@v1.5.0", + "github.com/mitchellh/go-testing-interface@v1.14.1" + ], + "Layer": {} + }, + { + "ID": 
"github.com/hashicorp/terraform-plugin-sdk/v2@v2.30.0", + "Name": "github.com/hashicorp/terraform-plugin-sdk/v2", + "Version": "2.30.0", + "Licenses": [ + "MPL-2.0" + ], + "DependsOn": [ + "github.com/hashicorp/go-plugin@v1.5.2", + "golang.org/x/crypto@v0.15.0", + "github.com/mitchellh/mapstructure@v1.5.0", + "github.com/mitchellh/reflectwalk@v1.0.2", + "github.com/hashicorp/go-uuid@v1.0.3", + "github.com/zclconf/go-cty@v1.14.1", + "github.com/hashicorp/terraform-exec@v0.19.0", + "github.com/hashicorp/terraform-json@v0.17.1", + "github.com/mitchellh/go-testing-interface@v1.14.1", + "github.com/google/go-cmp@v0.6.0", + "github.com/hashicorp/go-cty@v1.4.1-0.20200414143053-d3edf31b6320", + "github.com/hashicorp/hcl/v2@v2.19.1", + "github.com/hashicorp/go-hclog@v1.5.0", + "github.com/hashicorp/go-version@v1.6.0", + "github.com/hashicorp/hc-install@v0.6.1", + "github.com/hashicorp/logutils@v1.0.0", + "github.com/hashicorp/terraform-plugin-log@v0.9.0", + "github.com/hashicorp/terraform-plugin-go@v0.19.1", + "github.com/mitchellh/copystructure@v1.2.0" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/terraform-registry-address@v0.2.3", + "Name": "github.com/hashicorp/terraform-registry-address", + "Version": "0.2.3", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "DependsOn": [ + "github.com/google/go-cmp@v0.6.0", + "github.com/hashicorp/terraform-svchost@v0.1.1", + "golang.org/x/net@v0.17.0" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/terraform-svchost@v0.1.1", + "Name": "github.com/hashicorp/terraform-svchost", + "Version": "0.1.1", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "DependsOn": [ + "golang.org/x/net@v0.17.0", + "github.com/hashicorp/go-version@v1.6.0", + "github.com/zclconf/go-cty@v1.14.1", + "github.com/google/go-cmp@v0.6.0", + "github.com/hashicorp/go-cleanhttp@v0.5.2" + ], + "Layer": {} + }, + { + "ID": "github.com/hashicorp/yamux@v0.0.0-20181012175058-2f1d1f20f75d", + "Name": "github.com/hashicorp/yamux", + 
"Version": "0.0.0-20181012175058-2f1d1f20f75d", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/hexops/gotextdiff@v1.0.3", + "Name": "github.com/hexops/gotextdiff", + "Version": "1.0.3", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/huandu/xstrings@v1.3.2", + "Name": "github.com/huandu/xstrings", + "Version": "1.3.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/imdario/mergo@v0.3.15", + "Name": "github.com/imdario/mergo", + "Version": "0.3.15", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "DependsOn": [ + "gopkg.in/yaml.v3@v3.0.1" + ], + "Layer": {} + }, + { + "ID": "github.com/inconshreveable/mousetrap@v1.1.0", + "Name": "github.com/inconshreveable/mousetrap", + "Version": "1.1.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/lithammer/dedent@v1.1.0", + "Name": "github.com/lithammer/dedent", + "Version": "1.1.0", + "Licenses": [ + "MIT" + ], + "Layer": {} + }, + { + "ID": "github.com/mattn/go-colorable@v0.1.13", + "Name": "github.com/mattn/go-colorable", + "Version": "0.1.13", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "DependsOn": [ + "github.com/mattn/go-isatty@v0.0.17" + ], + "Layer": {} + }, + { + "ID": "github.com/mattn/go-isatty@v0.0.17", + "Name": "github.com/mattn/go-isatty", + "Version": "0.0.17", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "DependsOn": [ + "golang.org/x/sys@v0.14.0" + ], + "Layer": {} + }, + { + "ID": "github.com/mitchellh/cli@v1.1.5", + "Name": "github.com/mitchellh/cli", + "Version": "1.1.5", + "Licenses": [ + "MPL-2.0" + ], + "Indirect": true, + "DependsOn": [ + "github.com/Masterminds/sprig/v3@v3.2.2", + "github.com/armon/go-radix@v1.0.0", + "github.com/bgentry/speakeasy@v0.1.0", + "github.com/fatih/color@v1.14.1", + "github.com/mattn/go-isatty@v0.0.17", + "github.com/posener/complete@v1.2.3" + ], + 
"Layer": {} + }, + { + "ID": "github.com/mitchellh/copystructure@v1.2.0", + "Name": "github.com/mitchellh/copystructure", + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "DependsOn": [ + "github.com/mitchellh/reflectwalk@v1.0.2" + ], + "Layer": {} + }, + { + "ID": "github.com/mitchellh/go-testing-interface@v1.14.1", + "Name": "github.com/mitchellh/go-testing-interface", + "Version": "1.14.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/mitchellh/go-wordwrap@v1.0.0", + "Name": "github.com/mitchellh/go-wordwrap", + "Version": "1.0.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/mitchellh/mapstructure@v1.5.0", + "Name": "github.com/mitchellh/mapstructure", + "Version": "1.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/mitchellh/reflectwalk@v1.0.2", + "Name": "github.com/mitchellh/reflectwalk", + "Version": "1.0.2", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/northwood-labs/golang-utils/archstring@v0.0.0-20230302161720-ec685e2f274a", + "Name": "github.com/northwood-labs/golang-utils/archstring", + "Version": "0.0.0-20230302161720-ec685e2f274a", + "Licenses": [ + "MIT" + ], + "Layer": {} + }, + { + "ID": "github.com/northwood-labs/golang-utils/exiterrorf@v0.0.0-20230302161720-ec685e2f274a", + "Name": "github.com/northwood-labs/golang-utils/exiterrorf", + "Version": "0.0.0-20230302161720-ec685e2f274a", + "Licenses": [ + "MIT" + ], + "Layer": {} + }, + { + "ID": "github.com/oklog/run@v1.0.0", + "Name": "github.com/oklog/run", + "Version": "1.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Version": "0.9.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/pmezard/go-difflib@v1.0.0", + "Name": 
"github.com/pmezard/go-difflib", + "Version": "1.0.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/posener/complete@v1.2.3", + "Name": "github.com/posener/complete", + "Version": "1.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "DependsOn": [ + "github.com/hashicorp/go-multierror@v1.1.1", + "github.com/stretchr/testify@v1.8.4" + ], + "Layer": {} + }, + { + "ID": "github.com/russross/blackfriday@v1.6.0", + "Name": "github.com/russross/blackfriday", + "Version": "1.6.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/shopspring/decimal@v1.3.1", + "Name": "github.com/shopspring/decimal", + "Version": "1.3.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/spf13/cast@v1.5.0", + "Name": "github.com/spf13/cast", + "Version": "1.5.0", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/spf13/cobra@v1.8.0", + "Name": "github.com/spf13/cobra", + "Version": "1.8.0", + "Licenses": [ + "Apache-2.0" + ], + "DependsOn": [ + "github.com/inconshreveable/mousetrap@v1.1.0", + "github.com/spf13/pflag@v1.0.5", + "gopkg.in/yaml.v3@v3.0.1" + ], + "Layer": {} + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Version": "1.0.5", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/stretchr/testify@v1.8.4", + "Name": "github.com/stretchr/testify", + "Version": "1.8.4", + "Licenses": [ + "MIT" + ], + "DependsOn": [ + "github.com/davecgh/go-spew@v1.1.1", + "github.com/pmezard/go-difflib@v1.0.0", + "gopkg.in/yaml.v3@v3.0.1" + ], + "Layer": {} + }, + { + "ID": "github.com/vmihailenco/msgpack@v4.0.4+incompatible", + "Name": "github.com/vmihailenco/msgpack", + "Version": "4.0.4+incompatible", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": 
"github.com/vmihailenco/msgpack/v5@v5.4.1", + "Name": "github.com/vmihailenco/msgpack/v5", + "Version": "5.4.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "DependsOn": [ + "github.com/stretchr/testify@v1.8.4", + "github.com/vmihailenco/tagparser/v2@v2.0.0" + ], + "Layer": {} + }, + { + "ID": "github.com/vmihailenco/tagparser/v2@v2.0.0", + "Name": "github.com/vmihailenco/tagparser/v2", + "Version": "2.0.0", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/xo/terminfo@v0.0.0-20210125001918-ca9a967f8778", + "Name": "github.com/xo/terminfo", + "Version": "0.0.0-20210125001918-ca9a967f8778", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/zclconf/go-cty@v1.14.1", + "Name": "github.com/zclconf/go-cty", + "Version": "1.14.1", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "DependsOn": [ + "github.com/apparentlymart/go-textseg/v15@v15.0.0", + "github.com/google/go-cmp@v0.6.0", + "github.com/vmihailenco/msgpack/v5@v5.4.1", + "golang.org/x/text@v0.14.0" + ], + "Layer": {} + }, + { + "ID": "golang.org/x/crypto@v0.15.0", + "Name": "golang.org/x/crypto", + "Version": "0.15.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "DependsOn": [ + "golang.org/x/net@v0.17.0", + "golang.org/x/sys@v0.14.0" + ], + "Layer": {} + }, + { + "ID": "golang.org/x/exp@v0.0.0-20230626212559-97b1e661b5df", + "Name": "golang.org/x/exp", + "Version": "0.0.0-20230626212559-97b1e661b5df", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "DependsOn": [ + "github.com/google/go-cmp@v0.6.0", + "golang.org/x/mod@v0.13.0" + ], + "Layer": {} + }, + { + "ID": "golang.org/x/mod@v0.13.0", + "Name": "golang.org/x/mod", + "Version": "0.13.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "golang.org/x/net@v0.17.0", + "Name": "golang.org/x/net", + "Version": "0.17.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + 
"DependsOn": [ + "golang.org/x/crypto@v0.15.0", + "golang.org/x/sys@v0.14.0", + "golang.org/x/text@v0.14.0" + ], + "Layer": {} + }, + { + "ID": "golang.org/x/sys@v0.14.0", + "Name": "golang.org/x/sys", + "Version": "0.14.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "golang.org/x/text@v0.14.0", + "Name": "golang.org/x/text", + "Version": "0.14.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "google.golang.org/appengine@v1.6.7", + "Name": "google.golang.org/appengine", + "Version": "1.6.7", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "DependsOn": [ + "github.com/golang/protobuf@v1.5.3", + "golang.org/x/net@v0.17.0", + "golang.org/x/text@v0.14.0" + ], + "Layer": {} + }, + { + "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20230822172742-b8732ec3820d", + "Name": "google.golang.org/genproto/googleapis/rpc", + "Version": "0.0.0-20230822172742-b8732ec3820d", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "DependsOn": [ + "google.golang.org/protobuf@v1.31.0" + ], + "Layer": {} + }, + { + "ID": "google.golang.org/grpc@v1.59.0", + "Name": "google.golang.org/grpc", + "Version": "1.59.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "DependsOn": [ + "github.com/golang/protobuf@v1.5.3", + "golang.org/x/net@v0.17.0", + "google.golang.org/genproto/googleapis/rpc@v0.0.0-20230822172742-b8732ec3820d", + "golang.org/x/sys@v0.14.0", + "github.com/google/uuid@v1.3.1", + "google.golang.org/protobuf@v1.31.0", + "github.com/google/go-cmp@v0.6.0" + ], + "Layer": {} + }, + { + "ID": "google.golang.org/protobuf@v1.31.0", + "Name": "google.golang.org/protobuf", + "Version": "1.31.0", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "DependsOn": [ + "github.com/golang/protobuf@v1.5.3", + "github.com/google/go-cmp@v0.6.0" + ], + "Layer": {} + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Version": "3.0.1", + 
"Licenses": [ + "Apache-2.0", + "MIT" + ], + "Indirect": true, + "Layer": {} + } + ] + }, + { + "Target": "generator/go.mod", + "Class": "lang-pkgs", + "Type": "gomod", + "Packages": [ + { + "ID": "github.com/Masterminds/goutils@v1.1.1", + "Name": "github.com/Masterminds/goutils", + "Version": "1.1.1", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/Masterminds/semver/v3@v3.2.0", + "Name": "github.com/Masterminds/semver/v3", + "Version": "3.2.0", + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/Masterminds/sprig/v3@v3.2.3", + "Name": "github.com/Masterminds/sprig/v3", + "Version": "3.2.3", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "DependsOn": [ + "github.com/imdario/mergo@v0.3.11", + "github.com/shopspring/decimal@v1.2.0", + "github.com/spf13/cast@v1.3.1", + "golang.org/x/crypto@v0.3.0", + "github.com/google/uuid@v1.1.1", + "github.com/Masterminds/semver/v3@v3.2.0", + "github.com/huandu/xstrings@v1.3.3", + "github.com/mitchellh/copystructure@v1.0.0", + "github.com/Masterminds/goutils@v1.1.1" + ], + "Layer": {} + }, + { + "ID": "github.com/chanced/caps@v1.0.1", + "Name": "github.com/chanced/caps", + "Version": "1.0.1", + "Licenses": [ + "MIT" + ], + "Layer": {} + }, + { + "ID": "github.com/google/uuid@v1.1.1", + "Name": "github.com/google/uuid", + "Version": "1.1.1", + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/huandu/xstrings@v1.3.3", + "Name": "github.com/huandu/xstrings", + "Version": "1.3.3", + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/imdario/mergo@v0.3.11", + "Name": "github.com/imdario/mergo", + "Version": "0.3.11", + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/inconshreveable/mousetrap@v1.1.0", + "Name": "github.com/inconshreveable/mousetrap", + "Version": "1.1.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/mitchellh/copystructure@v1.0.0", + "Name": 
"github.com/mitchellh/copystructure", + "Version": "1.0.0", + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/mitchellh/reflectwalk@v1.0.0", + "Name": "github.com/mitchellh/reflectwalk", + "Version": "1.0.0", + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/northwood-labs/golang-utils/exiterrorf@v0.0.0-20230302161720-ec685e2f274a", + "Name": "github.com/northwood-labs/golang-utils/exiterrorf", + "Version": "0.0.0-20230302161720-ec685e2f274a", + "Licenses": [ + "MIT" + ], + "Indirect": true, + "DependsOn": [ + "github.com/pkg/errors@v0.9.1" + ], + "Layer": {} + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Version": "0.9.1", + "Licenses": [ + "BSD-2-Clause" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/shopspring/decimal@v1.2.0", + "Name": "github.com/shopspring/decimal", + "Version": "1.2.0", + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/spf13/cast@v1.3.1", + "Name": "github.com/spf13/cast", + "Version": "1.3.1", + "Indirect": true, + "Layer": {} + }, + { + "ID": "github.com/spf13/cobra@v1.7.0", + "Name": "github.com/spf13/cobra", + "Version": "1.7.0", + "Licenses": [ + "Apache-2.0" + ], + "Indirect": true, + "DependsOn": [ + "github.com/inconshreveable/mousetrap@v1.1.0", + "github.com/spf13/pflag@v1.0.5" + ], + "Layer": {} + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Version": "1.0.5", + "Licenses": [ + "BSD-3-Clause" + ], + "Indirect": true, + "Layer": {} + }, + { + "ID": "golang.org/x/crypto@v0.3.0", + "Name": "golang.org/x/crypto", + "Version": "0.3.0", + "Indirect": true, + "Layer": {} + } + ] + }, + { + "Target": "OS Packages", + "Class": "license" + }, + { + "Target": "go.mod", + "Class": "license" + }, + { + "Target": "generator/go.mod", + "Class": "license" + }, + { + "Target": "Loose File License(s)", + "Class": "license-file" + } + ] +} 
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5b35505c..524fe1cc 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -111,6 +111,13 @@ repos: # language: system # stages: [commit, push] + - id: go-consistent + name: 'Go: Consistent Patterns' + description: Analyzes Go packages to identify unnecessary type conversions. + entry: bash -c 'go-consistent ./corefunc/...; go-consistent ./corefuncprovider/...' + language: system + stages: [commit, push] + - id: unconvert name: 'Go: unconvert (current GOOS/GOARCH)' description: Analyzes Go packages to identify unnecessary type conversions. @@ -138,3 +145,10 @@ repos: entry: bash -c 'osv-scanner -r .' language: system stages: [commit, push] + + - id: trivy-vuln + name: Trivy (Vulnerabilities) + description: Check for security vulnerabilities. (https://trivy.dev) + entry: bash -c 'trivy fs --config trivy-vuln.yaml .' + language: system + stages: [commit, push] diff --git a/Makefile b/Makefile index a9bcadb5..ced24c66 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ current_dir := $(dir $(mkfile_path)) # Global stuff. GO=$(shell which go) -HOMEBREW_PACKAGES=bash bats-core coreutils editorconfig-checker findutils git git-lfs go grep jq librsvg nodejs pre-commit python@3.11 shellcheck tfschema trufflesecurity/trufflehog/trufflehog +HOMEBREW_PACKAGES=bash bats-core coreutils editorconfig-checker findutils git git-lfs go grep jq librsvg nodejs pre-commit python@3.11 shellcheck tfschema trivy trufflesecurity/trufflehog/trufflehog # Determine the operating system and CPU arch. OS=$(shell uname -o | tr '[:upper:]' '[:lower:]') 
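Review bot: The `go-consistent` hook's `entry` joins its two runs with `;`, so the shell reports only the status of the second command and whatever the run over `./corefunc/...` returns is discarded. Chain the two so a failure in either one fails the hook: `entry: bash -c 'go-consistent ./corefunc/... && go-consistent ./corefuncprovider/...'`. The `description` is also copied verbatim from the `unconvert` hook that follows and does not describe this tool; something like `description: Reports Go code that deviates from the dominant equivalent form used in the package.` would fit better.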
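Review bot: Whether the new `trivy-vuln` hook can ever block a commit or push depends on `trivy-vuln.yaml`, which is not visible in this part of the patch. Trivy exits 0 by default even when it reports vulnerabilities, so unless that config sets a non-zero `exit-code` the hook only prints findings and always passes. If the config does not already do so, make the gate explicit at the call site: `entry: bash -c 'trivy fs --config trivy-vuln.yaml --exit-code 1 .'`. A one-line comment above the hook naming the severities that are meant to fail it would make the intent reviewable.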
@@ -67,6 +67,7 @@ install-tools-go: $(GO) install github.com/nikolaydubina/smrcptr@latest $(GO) install github.com/orlangure/gocovsh@latest $(GO) install github.com/pelletier/go-toml/v2/cmd/tomljson@latest + $(GO) install github.com/quasilyte/go-consistent@latest $(GO) install github.com/rhysd/actionlint/cmd/actionlint@latest $(GO) install github.com/securego/gosec/v2/cmd/gosec@latest $(GO) install github.com/trufflesecurity/driftwood@latest @@ -223,17 +224,9 @@ pre-commit: ## license: [lint]* Checks the licenses of all files and dependencies. license: @ $(ECHO) " " - @ $(ECHO) "\033[1;33m=====> Checking license statistics...\033[0m" - @ $(ECHO) "Ignored:" - @ tomljson .licensei.toml | jq -Mr '.ignored[] | " - \(.)"' - @ $(ECHO) " " - @ - licensei stat - - @ $(ECHO) " " - @ $(ECHO) "\033[1;33m=====> Checking license compliance...\033[0m" - @ - licensei check - @ $(ECHO) " " - @ - licensei list + @ $(ECHO) "\033[1;33m=====> Checking license usage...\033[0m" + @ - trivy fs --config trivy-license.yaml --format json . 2>/dev/null > .licenses.cache.json + @ cat .licenses.cache.json | jq -Mr '[.Results[] | select(.Class == "license") | select(.Licenses) | .Licenses[]] | [group_by(.Name) | .[] | {Name: .[0].Name, Count: length} | "\(.Name): \(.Count)"] | .[]' @ $(ECHO) " " @ $(ECHO) "\033[1;33m=====> Checking license headers...\033[0m" diff --git a/corefuncprovider/env_ensure_data_source_test.go b/corefuncprovider/env_ensure_data_source_test.go index 87f4851f..8d04e32d 100644 --- a/corefuncprovider/env_ensure_data_source_test.go +++ b/corefuncprovider/env_ensure_data_source_test.go @@ -46,7 +46,7 @@ func TestAccEnvEnsureDataSource(t *testing.T) { log.Fatalln(err) } - buf := new(bytes.Buffer) + buf := &bytes.Buffer{} tmpl := template.Must( template.ParseFiles("env_ensure_data_source_fixture.tftpl"), ) diff --git a/corefuncprovider/str_camel_data_source_test.go b/corefuncprovider/str_camel_data_source_test.go index 66852c54..16b52129 100644 
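Review bot: `go-consistent@latest` in install-tools-go is unpinned, so the binary that the new commit/push hook executes changes whenever upstream publishes a release. The neighbouring installs follow the same `@latest` convention, so this matches the file, but a tool wired into every commit is worth pinning to a reviewed release: `$(GO) install github.com/quasilyte/go-consistent@<pinned-version>` (placeholder, not a real tag). The install-tools-go recipe starts and ends outside this hunk.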
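Review bot: In the `license` target, the Trivy recipe line ignores the exit status (leading `-`), discards stderr (`2>/dev/null`) and redirects straight into the tracked `.licenses.cache.json`. The shell truncates that file before Trivy starts, so a missing binary or a failed scan leaves an empty cache, and the jq line that follows then errors or prints nothing with no visible cause. Writing to a temporary file and moving it only on success keeps the last good cache and surfaces the error: `@ trivy fs --config trivy-license.yaml --format json . > .licenses.cache.json.tmp && mv .licenses.cache.json.tmp .licenses.cache.json`. The target now only prints counts; no step fails when a licence from the `forbidden` list appears, which is worth stating in the `## license:` help comment if it is intended.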
--- a/corefuncprovider/str_camel_data_source_test.go +++ b/corefuncprovider/str_camel_data_source_test.go @@ -38,7 +38,7 @@ func TestAccStrCamelDataSource(t *testing.T) { strings.TrimSpace(name), ) - buf := new(bytes.Buffer) + buf := &bytes.Buffer{} tmpl := template.Must( template.ParseFiles("str_camel_data_source_fixture.tftpl"), ) diff --git a/corefuncprovider/str_constant_data_source_test.go b/corefuncprovider/str_constant_data_source_test.go index e209df36..122c0b5c 100644 --- a/corefuncprovider/str_constant_data_source_test.go +++ b/corefuncprovider/str_constant_data_source_test.go @@ -38,7 +38,7 @@ func TestAccStrConstantDataSource(t *testing.T) { strings.TrimSpace(name), ) - buf := new(bytes.Buffer) + buf := &bytes.Buffer{} tmpl := template.Must( template.ParseFiles("str_constant_data_source_fixture.tftpl"), ) diff --git a/corefuncprovider/str_iterative_replace_data_source_test.go b/corefuncprovider/str_iterative_replace_data_source_test.go index 1ddbc5bc..49b10d5a 100644 --- a/corefuncprovider/str_iterative_replace_data_source_test.go +++ b/corefuncprovider/str_iterative_replace_data_source_test.go @@ -38,7 +38,7 @@ func TestAccStrIterativeReplaceDataSource(t *testing.T) { strings.TrimSpace(name), ) - buf := new(bytes.Buffer) + buf := &bytes.Buffer{} tmpl := template.Must( template.ParseFiles("str_iterative_replace_data_source_fixture.tftpl"), ) diff --git a/corefuncprovider/str_kebab_data_source_test.go b/corefuncprovider/str_kebab_data_source_test.go index d6f78800..ae20ecd2 100644 --- a/corefuncprovider/str_kebab_data_source_test.go +++ b/corefuncprovider/str_kebab_data_source_test.go @@ -38,7 +38,7 @@ func TestAccStrKebabDataSource(t *testing.T) { strings.TrimSpace(name), ) - buf := new(bytes.Buffer) + buf := &bytes.Buffer{} tmpl := template.Must( template.ParseFiles("str_kebab_data_source_fixture.tftpl"), ) diff --git a/corefuncprovider/str_pascal_data_source_test.go b/corefuncprovider/str_pascal_data_source_test.go index aaf47ff0..d0bc8210 100644 
--- a/corefuncprovider/str_pascal_data_source_test.go +++ b/corefuncprovider/str_pascal_data_source_test.go @@ -38,7 +38,7 @@ func TestAccStrPascalDataSource(t *testing.T) { strings.TrimSpace(name), ) - buf := new(bytes.Buffer) + buf := &bytes.Buffer{} tmpl := template.Must( template.ParseFiles("str_pascal_data_source_fixture.tftpl"), ) diff --git a/corefuncprovider/str_snake_data_source_test.go b/corefuncprovider/str_snake_data_source_test.go index bb52d036..76144aa1 100644 --- a/corefuncprovider/str_snake_data_source_test.go +++ b/corefuncprovider/str_snake_data_source_test.go @@ -38,7 +38,7 @@ func TestAccStrSnakeDataSource(t *testing.T) { strings.TrimSpace(name), ) - buf := new(bytes.Buffer) + buf := &bytes.Buffer{} tmpl := template.Must( template.ParseFiles("str_snake_data_source_fixture.tftpl"), ) diff --git a/corefuncprovider/truncate_label_data_source_test.go b/corefuncprovider/truncate_label_data_source_test.go index ed963748..fd259399 100644 --- a/corefuncprovider/truncate_label_data_source_test.go +++ b/corefuncprovider/truncate_label_data_source_test.go @@ -29,7 +29,7 @@ import ( ) func TestAccTruncateLabelDataSourceDefaultMaxLength64(t *testing.T) { - buf := new(bytes.Buffer) + buf := &bytes.Buffer{} tmpl := template.Must( template.ParseFiles("truncate_label_data_source_fixture_default64.tftpl"), ) @@ -66,7 +66,7 @@ func TestAccTruncateLabelDataSource(t *testing.T) { strings.TrimSpace(name), ) - buf := new(bytes.Buffer) + buf := &bytes.Buffer{} tmpl := template.Must( template.ParseFiles("truncate_label_data_source_fixture_maxlength.tftpl"), ) diff --git a/trivy-license.yaml b/trivy-license.yaml new file mode 100644 index 00000000..6ed7a2fb --- /dev/null +++ b/trivy-license.yaml 
@@ -0,0 +1,197 @@
+---
+cache:
+ backend: fs
+ clear: false
+db:
+ download-java-only: false
+ download-only: false
+ java-repository: ghcr.io/aquasecurity/trivy-java-db
+ java-skip-update: false
+ light: false
+ no-progress: false
+ repository: ghcr.io/aquasecurity/trivy-db
+ skip-update: false
+# debug: false
+dependency-tree: true
+exit-code: 0
+format: table
+ignore-policy: ''
+ignorefile: .trivyignore
+include-dev-deps: false
+insecure: false
+license:
+ confidencelevel: '0.9'
+ forbidden:
+ - AGPL-1.0
+ - AGPL-3.0
+ - CC-BY-NC-1.0
+ - CC-BY-NC-2.0
+ - CC-BY-NC-2.5
+ - CC-BY-NC-3.0
+ - CC-BY-NC-4.0
+ - CC-BY-NC-ND-1.0
+ - CC-BY-NC-ND-2.0
+ - CC-BY-NC-ND-2.5
+ - CC-BY-NC-ND-3.0
+ - CC-BY-NC-ND-4.0
+ - CC-BY-NC-SA-1.0
+ - CC-BY-NC-SA-2.0
+ - CC-BY-NC-SA-2.5
+ - CC-BY-NC-SA-3.0
+ - CC-BY-NC-SA-4.0
+ - Commons-Clause
+ - Facebook-2-Clause
+ - Facebook-3-Clause
+ - Facebook-Examples
+ full: true
+ ignored: []
+ notice:
+ - AFL-1.1
+ - AFL-1.2
+ - AFL-2.0
+ - AFL-2.1
+ - AFL-3.0
+ - Apache-1.0
+ - Apache-1.1
+ - Apache-2.0
+ - Artistic-1.0-cl8
+ - Artistic-1.0-Perl
+ - Artistic-1.0
+ - Artistic-2.0
+ - BSL-1.0
+ - BSD-2-Clause-FreeBSD
+ - BSD-2-Clause-NetBSD
+ - BSD-2-Clause
+ - BSD-3-Clause-Attribution
+ - BSD-3-Clause-Clear
+ - BSD-3-Clause-LBNL
+ - BSD-3-Clause
+ - BSD-4-Clause
+ - BSD-4-Clause-UC
+ - BSD-Protection
+ - CC-BY-1.0
+ - CC-BY-2.0
+ - CC-BY-2.5
+ - CC-BY-3.0
+ - CC-BY-4.0
+ - FTL
+ - ISC
+ - ImageMagick
+ - Libpng
+ - Lil-1.0
+ - Linux-OpenIB
+ - LPL-1.02
+ - LPL-1.0
+ - MS-PL
+ - MIT
+ - NCSA
+ - OpenSSL
+ - PHP-3.01
+ - PHP-3.0
+ - PIL
+ - Python-2.0
+ - Python-2.0-complete
+ - PostgreSQL
+ - SGI-B-1.0
+ - SGI-B-1.1
+ - SGI-B-2.0
+ - Unicode-DFS-2015
+ - Unicode-DFS-2016
+ - Unicode-TOU
+ - UPL-1.0
+ - W3C-19980720
+ - W3C-20150513
+ - W3C
+ - X11
+ - Xnet
+ - Zend-2.0
+ - zlib-acknowledgement
+ - Zlib
+ - ZPL-1.1
+ - ZPL-2.0
+ - ZPL-2.1
+ permissive:
+ - WTFPL
+ reciprocal:
+ - APSL-1.0
+ - APSL-1.1
+ - APSL-1.2
+ - APSL-2.0
+ - CDDL-1.0
+ - CDDL-1.1
+ - CPL-1.0
+ - EPL-1.0
+ - EPL-2.0
+ - FreeImage
+ - IPL-1.0
+ - MPL-1.0
+ - MPL-1.1
+ - MPL-2.0
+ - Ruby
+ restricted:
+ - BCL
+ - CC-BY-ND-1.0
+ - CC-BY-ND-2.0
+ - CC-BY-ND-2.5
+ - CC-BY-ND-3.0
+ - CC-BY-ND-4.0
+ - CC-BY-SA-1.0
+ - CC-BY-SA-2.0
+ - CC-BY-SA-2.5
+ - CC-BY-SA-3.0
+ - CC-BY-SA-4.0
+ - GPL-1.0
+ - GPL-2.0
+ - GPL-2.0-with-autoconf-exception
+ - GPL-2.0-with-bison-exception
+ - GPL-2.0-with-classpath-exception
+ - GPL-2.0-with-font-exception
+ - GPL-2.0-with-GCC-exception
+ - GPL-3.0
+ - GPL-3.0-with-autoconf-exception
+ - GPL-3.0-with-GCC-exception
+ - LGPL-2.0
+ - LGPL-2.1
+ - LGPL-3.0
+ - NPL-1.0
+ - NPL-1.1
+ - OSL-1.0
+ - OSL-1.1
+ - OSL-2.0
+ - OSL-2.1
+ - OSL-3.0
+ - QPL-1.0
+ - Sleepycat
+ unencumbered:
+ - 0BSD
+ - CC0-1.0
+ - Unlicense
+list-all-pkgs: true
+misconfiguration:
+ include-non-failures: false
+ policy-bundle-repository: ghcr.io/aquasecurity/defsec:0
+ reset-policy-bundle: false
+output: ''
+quiet: true
+report: all
+reset: false
+scan:
+ compliance: ''
+ file-patterns: []
+ offline: false
+ rekor-url: https://rekor.sigstore.dev
+ sbom-sources: []
+ scanners:
+ - license
+ skip-dirs: []
+ skip-files: []
+ slow: false
+secret:
+ config: trivy-secret.yaml
+severity:
+ # - UNKNOWN
+ # - LOW
+ # - MEDIUM
+ - HIGH
+ - CRITICAL
+timeout: 5m0s
diff --git a/trivy-vuln.yaml b/trivy-vuln.yaml
new file mode 100644
index 00000000..96ca9fa2
--- /dev/null
+++ b/trivy-vuln.yaml
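Review bot: The `severity` list at the end of trivy-license.yaml keeps only `HIGH` and `CRITICAL`, and `exit-code` is `0`, so this configuration hides most licences and cannot fail on the `forbidden` ones. As far as I know Trivy rates notice, permissive and unencumbered licences LOW, reciprocal ones MEDIUM and undetected ones UNKNOWN. That would explain why every `"Class": "license"` result in the committed `.licenses.cache.json` has no `Licenses` array, leaving the Makefile's jq summary nothing to count. Uncommenting `- UNKNOWN`, `- LOW` and `- MEDIUM` restores the full inventory, including packages whose licence could not be identified. If the forbidden and restricted lists are meant to block, a second invocation with `--severity HIGH,CRITICAL --exit-code 1` would enforce them without failing on the inventory.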
@@ -0,0 +1,58 @@
+---
+cache:
+ backend: fs
+ clear: false
+db:
+ download-java-only: false
+ download-only: false
+ java-repository: ghcr.io/aquasecurity/trivy-java-db
+ java-skip-update: false
+ light: false
+ no-progress: false
+ repository: ghcr.io/aquasecurity/trivy-db
+ skip-update: false
+# debug: false
+dependency-tree: true
+exit-code: 1
+format: table
+ignore-policy: ''
+ignorefile: .trivyignore
+include-dev-deps: false
+insecure: false
+list-all-pkgs: true
+misconfiguration:
+ include-non-failures: false
+ policy-bundle-repository: ghcr.io/aquasecurity/defsec:0
+ reset-policy-bundle: false
+output: ''
+quiet: true
+report: all
+reset: false
+scan:
+ compliance: ''
+ file-patterns: []
+ offline: false
+ rekor-url: https://rekor.sigstore.dev
+ sbom-sources: []
+ scanners:
+ - vuln
+ - config
+ - secret
+ skip-dirs: []
+ skip-files: []
+ slow: false
+secret:
+ config: trivy-secret.yaml
+severity:
+ - UNKNOWN
+ - LOW
+ - MEDIUM
+ - HIGH
+ - CRITICAL
+timeout: 5m0s
+vulnerability:
+ ignore-status: []
+ ignore-unfixed: true
+ type:
+ - os
+ - library
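Review bot: `ignore-unfixed: true` under `vulnerability` means the blocking hook (`exit-code: 1`) stays silent about a vulnerable dependency until upstream ships a fix, which hides the findings that most need a manual mitigation or a dependency swap. If keeping commits unblocked is the intent, say so on that line, for example `# Unfixed findings are hidden on purpose; review them in a separate non-blocking scan.`, or set it to `false`. Separately, `secret.config` names `trivy-secret.yaml`, which this commit's diffstat does not add. Confirm the file already exists in the repository, or drop the key so it is clear which rule set the `secret` scanner runs with.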